Google Cloud Audit Logs: In Practice


Identity & Access Management
Cloud IAM
1m 37s
Start course


NOTICE: This course is deprecated and has been replaced by


Security is considered to be one of the biggest challenges when comparing cloud vs. in-house infrastructure. Due to lack of trust, loss of control, and the multi-tenant nature of the cloud, security controls and mechanisms are of the utmost importance.

Google Cloud Platform offers tools with a single dashboard and simple interfaces to implement security policies. Google Cloud Identity and Access Management (IAM) provides an easy way to manage GCP users and the permissions assigned to them. Besides human users, GCP provides a way to create non-human identities (service accounts) and attach those to cloud applications and VMs. The correct configuration and usage of service accounts and IAM are critical to GCP security. GCP also provides a centralized dashboard to view audit logs, which are useful in the case of a security breach.

To help you get the most out of the security tools offered in Google Cloud, this course covers how to properly manage IAM, service accounts, and audit logs.

Learning Objectives

  • Understand how cloud security differs from on-premises security
  • Configure identities and access levels in Google Cloud Platform using Cloud IAM
  • Create, manage, and assign service accounts to GCP VMs 
  • View audit logs in the GCP console

Intended Audience

  • Students preparing for GCP cloud certifications
  • Cloud administrators and IT professionals
  • Cloud security practitioners
  • GCP developers


  • Completion of Google Cloud Platform Fundamentals course on Cloud Academy or practical working experience with GCP infrastructure
  • Basic proficiency with command-line tools and Linux operating system environments

Let's take a look at how we can view an audit log in GCP. I'll show how you can use a single interface to see all the logs for your cloud resources. The service that provides this interface is called Stackdriver. Stackdriver includes a centralized logging interface where you can see several different types of logs from different services in GCP in a single place. 

To get to the interface, go to the navigation menu and then scroll down to the Stackdriver section and select Logging. Here you'll see all the different types of logs. You can filter the logs using these dropdown menus here. So you can filter by log level or the type of log (the activity log is the only one available in this case), or the type of resource. 

For instance, if I want to see any logs related to VM instances, I can see all of these different types of log entries, such as Compute Engine start, stop and etc. This is set to show entries from the last hour, but I can also change it to say the last 24 hours. Similarly, I can select a different type of resource, such as anything related to a Google project, and it will show the logs related to that. 

Another way to see the activity logs without going into Stackdriver is to click on the ACTIVITY tab in the console. This is a simplified summary of the activity logs. We can see the abbreviated versions of the same entries we saw in Stackdriver, such as stopping and starting of VMs. You can also see entries for activities like creating and deleting service accounts, setting IAM policies, and so on. 

You can also filter these logs. For instance, if you want to only see specific types of activities such as configuration, you can do that. You can also filter on resource types, such as specific services. For example, if you deselect everything, then you can select a specific resource type such as a Google Cloud storage bucket, and it will only show you activities related to Google Cloud storage buckets. 

This concludes our lecture on audit logs. Coming up next, our course summary.

About the Author

Abhishek Gupta has 10+ years of experience in the domain of high-performance computing, cloud, and security. Currently, he's leading an innovation team at the Schlumberger Software Technology Innovation Center and is also a visiting faculty member at Santa Clara University where he teaches a graduate course in cloud computing. Gupta has a Ph.D. in Computer Science from the University of Illinois at Urbana Champaign.